CN106059752A - White-box cryptography encryption-decryption method based on expansion ciphertext - Google Patents


Info

Publication number: CN106059752A
Authority: CN (China)
Prior art keywords: bit, ciphertext, plain text, function, vector
Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN201610531694.0A
Other languages: Chinese (zh)
Other versions: CN106059752B (en)
Inventors: 许涛, 武传坤, 薛锐
Current assignee: Institute of Information Engineering of CAS (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Institute of Information Engineering of CAS
Priority date: 2016-07-04 (the priority date is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed)
Filing date: 2016-07-04
Publication date: 2016-10-26

Events
    • Application filed by Institute of Information Engineering of CAS
    • Priority to CN201610531694.0A
    • Publication of CN106059752A
    • Application granted
    • Publication of CN106059752B
    • Current legal status: Expired - Fee Related
    • Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L 9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3

Abstract

The invention discloses a white-box cryptography encryption-decryption method based on an expansion ciphertext. The method comprises the expansion ciphertext and a lookup table: a pseudorandom bit stream is embedded in the expansion ciphertext, and the lookup table decrypts n bits to m bits (n > m). The table-lookup operation is the composition of three functions: the key-K-dependent bijection F(K,n→n) from n-bit inputs to n-bit outputs, the function C(n→m) from n-bit inputs to m-bit outputs, and the key-K-dependent bijection F(K,m→m) from m-bit inputs to m-bit outputs. In encryption, the server uses the pseudorandom bit stream as a mask, combines it with the plaintext and scrambles the result to obtain the expansion ciphertext; in decryption, an n-bit ciphertext block is decrypted into an m-bit plaintext block by the table-lookup operation. Decryption efficiency is markedly improved.

Description

White-box cryptography encryption-decryption method based on expansion ciphertext
Technical field
The invention belongs to the field of information technology and relates to a white-box cryptography encryption-decryption method based on an expansion ciphertext that can be applied in untrusted environments such as smartphones and digital set-top boxes.
Background technology
Traditional cryptographic algorithms assume from the outset that they run in a black-box environment, i.e. that the attacker can observe only the input and output of the algorithm. With the development of information technology this assumption no longer holds. Today all kinds of electronic devices are available everywhere, can access the Internet directly or indirectly, and give people ever more ways to obtain digital content. These devices include, but are not limited to, digital set-top boxes, IPTV, PCs and a growing number of hand-held devices such as mobile phones and tablet computers. As these devices become smarter, the environment in which their software runs may be untrusted, and the legitimate user of the device may also become an active attacker, so the traditional cryptographic algorithms are no longer reliable.
For example, digital content is encrypted by a server, which controls its distribution to legitimate users. After obtaining the ciphertext, the terminal software decrypts it with the key to obtain usable digital content. However, because the runtime environment of the terminal software is insecure, an attacker can observe the decryption process at will, easily capture the key and spread it to illegitimate users. Such an untrusted software runtime environment is called a white-box environment. In a white-box environment the attacker has highly privileged control over the runtime environment: besides observing the operation of the software at will, the attacker can also lift or modify the code and alter intermediate results during execution. Such direct attacks on software are called white-box attacks.
White-box cryptography is the technology proposed to resist white-box attacks. The concept was first proposed by Stanley Chow et al. in "White-box Cryptography and an AES Implementation" (SAC, 2002). Chow et al. implemented the operations of AES (Advanced Encryption Standard) as a network of lookup tables embedding the key, protected the lookup tables with random bijective encodings, and further protected the key by pushing the cryptographic boundary outward into the application containing the decryption module. Following Chow's approach, white-box DES, white-box SM4 and others were proposed in succession. However, all published white-box implementations of existing cryptographic algorithms have been proven insecure. The proofs all use a structural analysis similar to the one proposed by Alex Biryukov et al. in "Structural Cryptanalysis of SASAS" (Journal of Cryptology, 2010).
At present the latest white-box cryptography research concentrates on constructing dedicated white-box ciphers. Alex Biryukov et al. proposed white-box ciphers based on the ASASA structure in "Cryptographic Schemes Based on the ASASA Structure: Black-box, White-box, and Public-key" (ASIACRYPT, 2014); Andrey Bogdanov et al. proposed a dedicated white-box block cipher named SPACE in "White-box Cryptography Revisited: Space-Hard Ciphers" (22nd ACM SIGSAC Conference, 2015). The former has been proven insecure, because the lookup tables of the ASASA structure were successfully decomposed. When SPACE encrypts a plaintext, a number of encryption rounds are needed to obtain good ciphertext properties; correspondingly, decryption must also pass through a number of rounds of the white-box decryption module, each round containing several table lookups, so decryption is slow.
When constructing a dedicated white-box cipher, three security goals must be met: 1. ciphertext security; 2. key non-extractability; 3. resistance to code lifting. Ciphertext security means that the ciphertext space is sufficiently large and the ciphertext has certain cryptographic properties, so that black-box attacks are resisted. Key non-extractability means that the code of the white-box implementation is generated under control of the key, and deriving the key from the code is hard. Resistance to code lifting means that the white-box implementation must be used as a whole and cannot be modified or compressed. A dedicated white-box cipher can offer a strategy in which the overall code size is controllable; the actual code size is determined by the implementer according to the security requirements and the application environment.
Summary of the invention
The white-box cryptographic system based on an expansion ciphertext to which the present invention relates is a new dedicated white-box encryption-decryption method that can be used by software running in a white-box environment to resist white-box attacks. The white-box implementation in the system is a lookup table with n-bit input and m-bit output (n > m) located at the terminal; the table is generated by the server and then distributed to the terminal, by network transmission, factory presetting, copying from a carrier, or other means of distribution. Decryption in the present invention needs only a single table lookup, so it is far more efficient. The ciphertext properties in the present invention are guaranteed by the pseudorandom bit stream used as a mask.
The technical solution adopted by the present invention is as follows:
A white-box cipher encryption method based on an expansion ciphertext, the steps of which are:
1) Map the m-bit plaintext with the inverse of the mapping function F(K,m→m) to obtain the m-bit intermediate result Ab; here F(K,m→m) is the key-K-dependent mapping function from m bits to m bits;
2) Use an n−m bit random datum PRN and the random inverse of the function C(n→m) to expand this intermediate result Ab to n bits; here C(n→m) is a function from n-bit input to m-bit output, and the random inverse is defined as follows: under the action of C(n→m), an m-bit output has K n-bit preimages (i.e. several n-bit preimages), and the process of using the pseudo-random data PRN to select one of these K preimages is called the random inverse of C(n→m);
3) Map the expanded intermediate result Ab with the inverse of the mapping function F(K,n→n) to obtain the ciphertext Ad; here F(K,n→n) is the key-K-dependent mapping function from n bits to n bits.
Further, in step 1), the m-bit plaintext is first combined with an m-bit vector IV to obtain the m-bit intermediate result Aa; this intermediate result Aa is then mapped with the inverse of the mapping function F(K,m→m) to obtain the m-bit intermediate result Ab.
Further, the vector IV is m bits long, and the m-bit initialization vector IV is XORed with the m-bit plaintext to obtain the m-bit intermediate result Aa.
Further, the plaintext is encrypted with a block encryption method, where m is the plaintext block length and n is the ciphertext block length; the low m bits of the i-th ciphertext block are taken to update the vector IV, and steps 1) to 3) are repeated to encrypt the (i+1)-th plaintext block, until all plaintext blocks have been encrypted.
Further, in step 2), the intermediate result Ab is expanded to n bits by concatenating the n−m bit random data R with Ab as R||Ab.
A white-box cipher decryption method based on an expansion ciphertext: the decrypting end uses the lookup table distributed by the encrypting end to perform a table-lookup operation on the n-bit ciphertext and obtains the corresponding m-bit plaintext; here the lookup table is the composition of three functions: the key-K-dependent bijection F(K,n→n) from n-bit input to n-bit output, the function C(n→m) from n-bit input to m-bit output, and the key-K-dependent bijection F(K,m→m) from m-bit input to m-bit output.
Further, the n-bit ciphertext is the ciphertext obtained by the encrypting end after combining a vector IV with the m-bit plaintext, and the decrypting end combines the obtained m-bit plaintext with this vector IV to compute the final plaintext.
Further, the vector IV is m bits long, and the decrypting end XORs the m-bit vector IV with the m-bit plaintext to obtain the final plaintext.
Further, the ciphertext is obtained by encrypting the plaintext with a block encryption method, where m is the plaintext block length and n is the ciphertext block length; the decrypting end updates the vector IV with the low m bits of the i-th ciphertext block and XORs it with the m-bit plaintext obtained by decrypting the (i+1)-th ciphertext block, until all ciphertext blocks have been decrypted.
A white-box cryptographic system provided by the present invention, for performing, given a key, a cryptographic operation that maps an input message to an output message, is characterized in that the system comprises: an expansion ciphertext in which a pseudorandom bit stream is embedded, and a lookup table for decrypting n bits to m bits (n > m).
Further, the server uses the pseudorandom bit stream as a mask, combines it with the plaintext and scrambles the result to obtain the expansion ciphertext; the scrambling operation is key-dependent.
Further, the lookup table used for the decryption operation is a key-dependent mapping whose effect is to remove the mask information from the ciphertext.
Further, m and n are set as security parameters, which control the code size and complexity of the white-box cipher implementation.
A method of applying a pseudorandom bit stream to a white-box cipher, for performing, given a key, a cryptographic operation that maps an input message to an output message, in which the pseudorandom bit stream, used as a mask, determines the cryptographic properties of the ciphertext, and a lookup table exposed to the white-box environment is responsible for decryption.
Compared with the prior art, the beneficial effects of the present invention are as follows:
1. The invention provides a white-box cryptographic method based on an expansion ciphertext, characterized by the white-box cryptographic system shown in Fig. 5, in which the plaintext block length is m and the ciphertext block length is n (n > m). The white-box implementation at the terminal contains only one n-bit to m-bit lookup table; the structure is simple and easy to implement.
2. The white-box ciphers published so far need several rounds of encryption of the plaintext to obtain good ciphertext properties. Correspondingly, in decryption the ciphertext must pass through several rounds of the white-box decryption module, so decryption is slow. For example, in SPACE the variant with the fewest rounds still needs 128 table lookups. The decryption operation in the present invention needs only 1 table lookup and is fast, so decryption efficiency is significantly improved.
3. The invention provides a means of controlling system scale and complexity according to the security requirements: m and n serve as security parameters and are fixed at implementation time.
Brief description of the drawings
Fig. 1 shows the structure of the terminal lookup table;
(a) is a traditional lookup table, (b) the lookup table of the present invention;
Fig. 2 shows the operation in which the pseudorandom bit stream is used as a mask to obtain the expansion ciphertext;
Fig. 3 shows the complete encryption process at the server;
Fig. 4 shows the decryption process at the terminal;
Fig. 5 shows the overall structure of the white-box cryptographic system based on an expansion ciphertext;
Fig. 6 shows an example of the white-box cryptographic system to which the present invention relates.
Detailed description of the invention
Operating on a data stream with a lookup table that embeds the key is currently the basic method of designing white-box ciphers: as shown in Fig. 1(a), F(K,n→n) is a key-K-dependent bijection from n bits to n bits; once it has been expressed as lookup table 101, an attacker finds it hard to derive K, or a functional relation equivalent to F(K,n→n), from the table. 101 can be a single lookup table or a combination of a group of lookup tables.
When the system is deployed, the server encrypts data with the inverse of F(K,n→n), and the terminal (running in a white-box environment) decrypts with the lookup table. Considering the construction efficiency of lookup tables and the limited computing resources of the server (with many users, the key cannot be stored as a lookup table for every user), the lookup table is generated by composing comparatively simple functional relations.
Alex Biryukov et al. build key-dependent lookup tables from an ASASA-type structure (see Background), i.e. F(K,n→n) is formed by alternately stacking key-dependent A (diffusion) layers and S (substitution) layers, and designed a dedicated white-box block cipher scheme from it. However, their method was soon proven insecure. The lookup table of the ASASA structure could be decomposed because the relation between the n-bit input and the n-bit output can be used to set up a system of equations. If the lookup table is instead designed so that an n-bit input corresponds to an m-bit output (n > m), it is hard for an attacker to continue to attack with the existing method.
In the white-box cryptographic system based on an expansion ciphertext to which the present invention relates, the white-box implementation part is a single n-bit to m-bit (n > m) lookup table at the terminal together with the decryption process that uses it. The construction of the lookup table is shown as 102 in Fig. 1(b): the table-lookup operation is the composition of three functions: the key-K-dependent bijection F(K,n→n) from n-bit input to n-bit output, the function C(n→m) from n-bit input to m-bit output, and the key-K-dependent bijection F(K,m→m) from m-bit input to m-bit output.
The lookup table is generated at the server and then distributed to the terminal. Distribution can be by network transmission, factory presetting of the terminal device, or transfer on a carrier such as a USB flash drive. After the lookup table has been built, the original functional relations are hidden: the terminal sees only the lookup table, not the explicit functional relations.
In a real deployment, F(K,n→n) and F(K,m→m) can be built by alternately stacking key-dependent A and S structures, or by other methods, as long as they are guaranteed to be, respectively, an "invertible map from n bits to n bits" and an "invertible map from m bits to m bits". These two functions are secret, and their explicit logical relations (their inverses) are used only when the server performs the encryption operation. The concrete implementation of F(K,n→n) and F(K,m→m) is not the focus of the present invention, so it is not described here.
C(n→m) can also be implemented in several ways and may be secret or public. During server-side encryption the random inverse of C(n→m) is used. The random inverse is defined as follows: under the action of C(n→m), an output (m bits) has K preimages (n bits each); the pseudo-random data PRN is used to select one of these K preimages, and this process is called the random inverse of C(n→m). For example, with n = 2m, C(n→m) may XOR the high m bits of the n-bit input with its low m bits to obtain the m-bit output; correspondingly, its random inverse obtains n−m = m bits of data PRN from the pseudorandom bit stream generator PRNG (201), XORs them with the m-bit input, and prepends PRN as the high bits of the result, giving the expanded n-bit data. For convenience of exposition, the description below uses a truncation function, i.e. C(n→m) keeps only the low m bits of the n-bit input as the output and discards the high n−m bits.
The general encryption and decryption procedure of the system is as follows. First, as shown in Fig. 2, the encryption operation of the server is the composition of the inverse of F(K,n→n), the random inverse of C(n→m) and the inverse of F(K,m→m) (∘ denotes function composition, i.e. f ∘ g(x) = f(g(x))); this operation can be regarded as the inverse of the terminal's table-lookup operation. Here the random inverse of the truncation function C(n→m) obtains n−m bits of data PRN from the pseudorandom bit stream generator PRNG (201) and prepends them as the high bits of the m-bit input, expanding the m-bit data to n bits. The result of the encryption operation is the expanded ciphertext, masked with the n−m pseudo-random bits obtained each time. The decryption process at the terminal is then the process of removing this mask with the lookup table.
The complete encryption process at the server is shown in Fig. 3. To give the encrypted data better ciphertext properties, a mode similar to the CBC mode of block ciphers is used. The m-bit initialization vector IV is XORed with the first m-bit plaintext block, the result undergoes the encryption operation of Fig. 2, and an n-bit ciphertext block is obtained. The low m bits of the ciphertext are fed back into the encryption of the next m-bit plaintext block in place of the IV. In a real deployment other cipher-feedback methods may also be used. The encryption process is described as follows:
1. XOR the m-bit initialization vector IV with the m-bit plaintext to obtain the m-bit intermediate result Aa.
2. Apply the inverse of F(K,m→m) to Aa to obtain the m-bit intermediate result Ab.
3. Obtain n−m random bits R from PRN and expand the result of step 2 to n bits, i.e. the concatenation R||Ab of R and Ab; this process is denoted the random inverse of C(n→m).
4. Apply the inverse of F(K,n→n) to R||Ab to obtain the ciphertext Ad.
5. Update IV with the low m bits of Ad and repeat steps 1 to 4 to encrypt the next plaintext block, until all plaintext blocks have been encrypted.
Note: when the same plaintext is encrypted, the encryption results differ because the pseudorandom bit stream differs, but decryption recovers the same plaintext.
The decryption process at the terminal is shown in Fig. 4. The first n-bit ciphertext block, after one table lookup, yields an m-bit output, which is XORed with the m-bit initialization vector IV to give the plaintext (the m-bit initialization vector IV is distributed to the terminal by the server; if the server and terminal agree to discard the plaintext of the first block, the server need not send the IV to the terminal). When the following n-bit ciphertext block is decrypted, the low m bits of the preceding n-bit ciphertext block take the place of the IV. The decryption process is described as follows:
1. The input is an n-bit ciphertext block; use the lookup table to obtain the m-bit intermediate result Aa as output.
2. XOR Aa with IV to obtain the plaintext Ab.
3. Update IV with the low m bits of the ciphertext block and repeat steps 1 and 2 to decrypt the next ciphertext block, until all ciphertext blocks have been decrypted.
The overall structure of the white-box cryptographic system based on an expansion ciphertext to which the present invention relates is shown in Fig. 5. 501 is the encryption process at the server and 502 the decryption process at the terminal. In the encryption process the properties of the pseudorandom bit stream affect the properties of the final ciphertext, enabling the ciphertext to resist black-box attacks. The pseudorandom bit stream can be implemented with an existing stream cipher algorithm such as ZUC, RC4 or SEAL.
The following is a simplified example of the present invention, given to explain the encryption and decryption process in detail:
m = 2, n = 3. F(001,3→3)(x) = x + 001, where x is a 3-bit input; C(3→2)(x) takes the 3-bit input x and outputs the low 2 bits of x, e.g. input x = 010 gives output 10; F(01,2→2)(x) = x + 01, where x is a 2-bit input (here + is bitwise XOR addition, as the table below shows). The constants 01 and 001 are the keys. The lookup table L is the composition of these 3 functions; its concrete data are as follows:
Input  Output
000    00
001    01
010    10
011    11
100    00
101    01
110    10
111    11
After the lookup table has been generated, it is distributed to the terminal. Note: the functional relations in this example are very simple and serve only to illustrate the encryption and decryption process; cipher strength is not considered.
Encryption process: the plaintext is the 8 bits 01 11 01 10 (one block per 2 bits), the initialization vector IV = 11, and PRN is a pseudorandom bit stream generator.
1. XOR the plaintext block 01 with IV = 11 to obtain 10;
2. Apply the inverse of F(01,2→2) to the result 10 of step 1 to obtain 11;
3. Obtain 3−2 = 1 random bit from PRN, assumed to be 0. Concatenate 0 with the result of step 2 to expand it to 011; this process is denoted the random inverse of C(3→2);
4. Apply the inverse of F(001,3→3) to the result 011 of step 3 to obtain the ciphertext 010;
5. Update IV with the low 2 bits 10 of the result 010 of step 4, and repeat steps 1 to 4 to encrypt the next plaintext block, until all plaintext blocks have been encrypted.
Assuming the pseudorandom bit stream obtained during encryption is 0110, the final ciphertext is 010 101 100 010, 12 bits in total (one block per 3 bits).
Decryption process: the ciphertext 010 101 100 010 and the initialization vector IV = 11 are obtained from the server.
1. The input is the ciphertext 010; use the lookup table L to obtain the output 10;
2. XOR the output 10 of step 1 with IV to obtain the plaintext 01;
3. Update IV with the low 2 bits 10 of the ciphertext 010 of step 1, and repeat steps 1 and 2 to decrypt the next ciphertext block, until all ciphertext blocks have been decrypted.
The plaintext finally obtained is 01 11 01 10.
In a real deployment m and n can be chosen very flexibly. Roughly speaking, for fixed m, the larger n is, the higher the security level. The storage occupied by the lookup table is 2^n · m bits. When resistance to code lifting is required, the code size can also be controlled by adjusting n and m; the larger the code size, the stronger the resistance to code lifting. In our example the white-box implementation part at the terminal is a single lookup table; in a real system, several lookup tables of the same structure can also be deployed at the terminal.
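The encryption procedure of Fig. 3, the single-lookup decryption of Fig. 4 and the m = 2, n = 3 worked example above, carried through end to end as an added illustration (this is not code from the patent or its inventors). It assumes, as the patent's toy example does, that the key-dependent bijections F(K,n→n) and F(K,m→m) are XOR with the key (so each is its own inverse), that the pseudorandom bit stream is a constructed list of bits rather than the output of ZUC, RC4 or SEAL, and it generalizes the page's truncation C(n→m) to the n = 2m XOR variant described in the detailed description; all function names are the example's own.

```python
# Added illustration of the CN106059752A scheme; not the patent's own code.
# Assumptions not fixed by the patent: F(K,n->n) and F(K,m->m) are XOR with the
# key (the patent's toy choice), the pseudo-random stream is a constructed bit
# list, and C(n->m) is either the patent's truncation or its n = 2m XOR variant.

def f_apply(x, key):
    """Key-dependent bijection F(K,w->w); here XOR with the key (toy choice)."""
    return x ^ key

def f_inverse(y, key):
    """Inverse of F. XOR with a constant is an involution, so it is the same map.
    A real deployment would use a secret AS-layered bijection whose inverse only
    the server can compute; only the composed table leaves the server."""
    return y ^ key

def c_truncate(x, n, m):
    """C(n->m) as used in the patent's exposition: keep the low m bits of x."""
    return x & ((1 << m) - 1)

def c_truncate_inv(a, r, n, m):
    """Random inverse of c_truncate: prepend the n-m pseudo-random bits r."""
    return (r << m) | a

def c_xor(x, n, m):
    """C(n->m) variant for n = 2m: XOR the high m bits of x with its low m bits."""
    assert n == 2 * m
    return (x >> m) ^ (x & ((1 << m) - 1))

def c_xor_inv(a, r, n, m):
    """Random inverse of c_xor: high m bits = r, low m bits = a XOR r."""
    assert n == 2 * m
    return (r << m) | (a ^ r)

def build_lookup_table(kn, km, n, m, c):
    """Terminal lookup table L = F(km) o C o F(kn): n-bit index -> m-bit value.
    Only this list is shipped to the white-box terminal; kn and km stay on the server."""
    return [f_apply(c(f_apply(x, kn), n, m), km) for x in range(1 << n)]

def table_size_bits(n, m):
    """Storage taken by the table: 2^n entries of m bits each."""
    return (1 << n) * m

def encrypt(plain_blocks, iv, prn_bits, kn, km, n, m, c_inv):
    """Server-side encryption with CBC-like feedback of the low m ciphertext bits.
    plain_blocks: m-bit ints; prn_bits: 0/1 list, n-m bits consumed per block."""
    mask_m = (1 << m) - 1
    cipher, prev, pos = [], iv, 0
    for p in plain_blocks:
        aa = p ^ prev                        # step 1: XOR with IV / fed-back bits
        ab = f_inverse(aa, km)               # step 2: inverse of F(K,m->m)
        bits = prn_bits[pos:pos + (n - m)]   # step 3: n-m pseudo-random bits R
        if len(bits) != n - m:
            raise ValueError("pseudo-random stream exhausted")
        pos += n - m
        r = int("".join(map(str, bits)), 2)
        expanded = c_inv(ab, r, n, m)        #         random inverse of C(n->m)
        ad = f_inverse(expanded, kn)         # step 4: inverse of F(K,n->n)
        cipher.append(ad)
        prev = ad & mask_m                   # step 5: low m bits become the new IV
    return cipher

def decrypt(cipher_blocks, iv, table, m):
    """Terminal decryption: one table lookup per block, then XOR with the chained IV."""
    mask_m = (1 << m) - 1
    plain, prev = [], iv
    for c in cipher_blocks:
        aa = table[c]                        # step 1: the single lookup strips the mask
        plain.append(aa ^ prev)              # step 2: XOR with IV / fed-back bits
        prev = c & mask_m                    # step 3: low m bits of ciphertext -> IV
    return plain

def patent_example():
    """The patent's worked example: m=2, n=3, keys 01 and 001, IV=11, PRN bits 0110."""
    n, m, kn, km = 3, 2, 0b001, 0b01
    table = build_lookup_table(kn, km, n, m, c_truncate)
    plain = [0b01, 0b11, 0b01, 0b10]
    cipher = encrypt(plain, 0b11, [0, 1, 1, 0], kn, km, n, m, c_truncate_inv)
    recovered = decrypt(cipher, 0b11, table, m)
    return table, cipher, recovered

def xor_variant_roundtrip():
    """n = 2m XOR variant of C with constructed keys; the round trip must hold."""
    n, m, kn, km = 4, 2, 0b1011, 0b10
    table = build_lookup_table(kn, km, n, m, c_xor)
    plain = [0b00, 0b01, 0b10, 0b11]
    prn = [1, 0, 1, 1, 0, 0, 0, 1]           # constructed pseudo-random bits
    cipher = encrypt(plain, 0b01, prn, kn, km, n, m, c_xor_inv)
    return decrypt(cipher, 0b01, table, m) == plain

if __name__ == "__main__":
    table, cipher, recovered = patent_example()
    print("table:     ", " ".join(f"{v:02b}" for v in table))
    print("ciphertext:", " ".join(f"{c:03b}" for c in cipher))
    print("recovered: ", " ".join(f"{p:02b}" for p in recovered))
```

Running the block reproduces the table above (00 01 10 11 00 01 10 11), the ciphertext 010 101 100 010 and the recovered plaintext 01 11 01 10; table_size_bits(3, 2) gives the 2^n · m figure of the preceding paragraph. The split between encrypt, which needs kn and km, and decrypt, which needs only the composed table, is the point of the design: the terminal holds the n-bit to m-bit table and never the keys, and every n-bit ciphertext block carries n−m mask bits that the lookup discards.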
Fig. 6 illustrates an embodiment of the present invention. The example is a paid digital media system comprising a server 610 and a terminal (media player) 620. The server encrypts digital content (in formats such as WAV, MP3, WMA, AVI, JPEG, MPEG-1, MPEG-2 and MPEG-4) by the method described in Fig. 3 and distributes it to legitimate terminals. Distribution can be through the communication interface 625 or on a medium 626 (such as CD, DVD or USB flash drive).
After the terminal obtains the digital content in ciphertext form, it is played with the secure playback software pre-installed in memory 622. This software not only has to decode the digital content, it must first decrypt the encrypted digital content with the white-box cryptographic module. The white-box cryptographic module comprises the lookup table to which the present invention relates and the corresponding decryption operation. Processor 621 can accept input from the user, determine the content to be played, and present the decrypted and decoded content on display (or loudspeaker) 624.
The present invention can be extended to all computer programs suitable for carrying out the present invention. Such a program may take the form of source code, object code, partially compiled object code, and so on. The carrier of the program can be any entity or device capable of carrying the program, including for example storage media such as ROM, signals transmitted over communication channels such as the Internet, and integrated circuits with the program embedded.
The above embodiments are intended only to illustrate the technical solution of the present invention and not to limit it. A person of ordinary skill in the art may modify the technical solution of the present invention or substitute equivalents without departing from the spirit and scope of the present invention, and the scope of protection of the present invention shall be as set out in the claims.

Claims (9)

1. A white-box cipher encryption method based on an expansion ciphertext, the steps of which are:
1) mapping the m-bit plaintext with the inverse of the mapping function F(K,m→m) to obtain the m-bit intermediate result Ab; wherein F(K,m→m) is the key-K-dependent mapping function from m bits to m bits;
2) using an n−m bit random datum PRN and the random inverse of the function C(n→m) to expand this intermediate result Ab to n bits; wherein C(n→m) is a function from n-bit input to m-bit output, and the random inverse is: under the action of the function C(n→m), an m-bit output has K n-bit preimages, and the process of using the pseudo-random data PRN to select one of these K preimages is called the random inverse of C(n→m);
3) mapping the expanded intermediate result Ab with the inverse of the mapping function F(K,n→n) to obtain the ciphertext Ad; wherein F(K,n→n) is the key-K-dependent mapping function from n bits to n bits.
2. The method of claim 1, characterized in that in step 1) the m-bit plaintext is first combined with an m-bit vector IV to obtain the m-bit intermediate result Aa; this intermediate result Aa is then mapped with the inverse of the mapping function F(K,m→m) to obtain the m-bit intermediate result Ab.
3. The method of claim 2, characterized in that the vector IV is m bits long, and the m-bit initialization vector IV is XORed with the m-bit plaintext to obtain the m-bit intermediate result Aa.
4. The method of claim 1, 2 or 3, characterized in that the plaintext is encrypted with a block encryption method, wherein m is the plaintext block length and n is the ciphertext block length; the low m bits of the i-th ciphertext block are taken to update the vector IV, and steps 1) to 3) are repeated to encrypt the (i+1)-th plaintext block, until all plaintext blocks have been encrypted.
5. The method of claim 1, 2 or 3, characterized in that in step 2) the intermediate result Ab is expanded to n bits by concatenating the n−m bit random data R with Ab as R||Ab.
6. A white-box cipher decryption method based on an expansion ciphertext, characterized in that the decrypting end uses the lookup table distributed by the encrypting end to perform a table-lookup operation on the n-bit ciphertext and obtains the corresponding m-bit plaintext; wherein the lookup table is the composition of three functions: the key-K-dependent bijection F(K,n→n) from n-bit input to n-bit output, the function C(n→m) from n-bit input to m-bit output, and the key-K-dependent bijection F(K,m→m) from m-bit input to m-bit output.
7. The method of claim 6, characterized in that the n-bit ciphertext is the ciphertext obtained by the encrypting end after combining a vector IV with the m-bit plaintext, and the decrypting end combines the obtained m-bit plaintext with this vector IV to compute the final plaintext.
8. The method of claim 7, characterized in that the vector IV is m bits long, and the decrypting end XORs the m-bit vector IV with the m-bit plaintext to obtain the final plaintext.
9. The method of claim 8, characterized in that the ciphertext is obtained by encrypting the plaintext with a block encryption method, wherein m is the plaintext block length and n is the ciphertext block length; the decrypting end updates the vector IV with the low m bits of the i-th ciphertext block and XORs it with the m-bit plaintext obtained by decrypting the (i+1)-th ciphertext block, until all ciphertext blocks have been decrypted.
CN201610531694.0A 2016-07-04 2016-07-04 White-box cryptography encryption-decryption method based on expansion ciphertext Expired - Fee Related CN106059752B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610531694.0A CN106059752B (en) 2016-07-04 2016-07-04 White-box cryptography encryption-decryption method based on expansion ciphertext

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610531694.0A CN106059752B (en) 2016-07-04 2016-07-04 White-box cryptography encryption-decryption method based on expansion ciphertext

Publications (2)

Publication Number Publication Date
CN106059752A true CN106059752A (en) 2016-10-26
CN106059752B CN106059752B (en) 2019-09-03

Family

ID=57184979

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610531694.0A Expired - Fee Related CN106059752B (en) 2016-07-04 2016-07-04 White-box cryptography encryption-decryption method based on expansion ciphertext

Country Status (1)

Country Link
CN (1) CN106059752B (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106506158A (en) * 2016-12-29 2017-03-15 上海众人网络安全技术有限公司 White-box-based encryption method and system
CN108090349A (en) * 2017-12-19 2018-05-29 武汉珈港科技有限公司 Application white-boxing protection system and method based on white-box instructions and an extended Turing model
CN108111622A (en) * 2017-12-29 2018-06-01 北京梆梆安全科技有限公司 Method, apparatus and system for downloading a white-box library file
CN109714154A (en) * 2019-03-05 2019-05-03 同济大学 White-box cryptographic algorithm under the code-size-hardness white-box security model
CN111010266A (en) * 2019-12-09 2020-04-14 广州市百果园信息技术有限公司 Message encryption and decryption, reading and writing method and device, computer equipment and storage medium
CN111602367A (en) * 2017-11-30 2020-08-28 泰雷兹数字安全法国股份有限公司 Method for protecting entropy sources used in countermeasures securing white-box cryptographic algorithms
CN115396103A (en) * 2022-10-26 2022-11-25 杭州海康威视数字技术股份有限公司 AI data sharing method, system and device based on white box key

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Alex Biryukov et al.: "Cryptographic Schemes Based on the ASASA Structure: Black-Box, White-Box, and Public-Key", 20th International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT 2014) *
Andrey Bogdanov et al.: "White-box Cryptography Revisited: Space-Hard Ciphers", Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS 2015) *
罗睿 (Luo Rui): "A lookup-table-based white-box AES implementation applying nonlinear obfuscation", Wanfang dissertation database *

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106506158A (en) * 2016-12-29 2017-03-15 上海众人网络安全技术有限公司 White-box-based encryption method and system
CN111602367B (en) * 2017-11-30 2023-04-25 泰雷兹数字安全法国简易股份公司 Method for protecting entropy sources used in countermeasures for securing white-box cryptographic algorithms
CN111602367A (en) * 2017-11-30 2020-08-28 泰雷兹数字安全法国股份有限公司 Method for protecting entropy sources used in countermeasures securing white-box cryptographic algorithms
CN108090349A (en) * 2017-12-19 2018-05-29 武汉珈港科技有限公司 Application white-boxing protection system and method based on white-box instructions and an extended Turing model
CN108111622B (en) * 2017-12-29 2021-10-29 北京梆梆安全科技有限公司 Method, device and system for downloading white box library file
CN108111622A (en) * 2017-12-29 2018-06-01 北京梆梆安全科技有限公司 Method, apparatus and system for downloading a white-box library file
CN109714154A (en) * 2019-03-05 2019-05-03 同济大学 White-box cryptographic algorithm under the code-size-hardness white-box security model
WO2021114850A1 (en) * 2019-12-09 2021-06-17 百果园技术(新加坡)有限公司 Method and apparatus for encrypting and decrypting and reading and writing messages, computer device, and storage medium
US20230027142A1 (en) * 2019-12-09 2023-01-26 Bigo Technology Pte. Ltd. Method and apparatus for encrypting and decrypting and reading and writing messages, computer device, and storage medium
CN111010266B (en) * 2019-12-09 2023-04-07 广州市百果园信息技术有限公司 Message encryption and decryption, reading and writing method and device, computer equipment and storage medium
CN111010266A (en) * 2019-12-09 2020-04-14 广州市百果园信息技术有限公司 Message encryption and decryption, reading and writing method and device, computer equipment and storage medium
CN115396103A (en) * 2022-10-26 2022-11-25 杭州海康威视数字技术股份有限公司 AI data sharing method, system and device based on white box key
CN115396103B (en) * 2022-10-26 2023-03-24 杭州海康威视数字技术股份有限公司 AI data sharing method, system and device based on white box key

Also Published As

Publication number Publication date
CN106059752B (en) 2019-09-03

Similar Documents

Publication Publication Date Title
CN106059752B (en) White-box cryptography encryption-decryption method based on expansion ciphertext
CN104363215B (en) Attribute-based encryption method and system
CN104486315B (en) Revocable key outsourcing decryption method based on content attributes
CN103795533B (en) Identifier-based encryption and decryption method and execution device
CN102546181B (en) Cloud storage encryption and decryption method based on a key pool
CN103259643B (en) Fully homomorphic encryption method for matrices
CN104320393B (en) Controllable and efficient attribute-based proxy re-encryption method
CN108123794A (en) White-box key generation method, encryption method, apparatus and system
CN110313146A (en) Fuzziness enhancement
CN108111295B (en) Homomorphic encryption method based on analog-to-analog operation
CN102402670A (en) File encryption and decryption method
CN104836657B (en) Identity-based anonymous broadcast encryption method with efficient decryption
CN102016871A (en) Cryptographic system
CN105100083A (en) Attribute-based encryption method and system capable of protecting privacy and supporting user revocation
CN107154845A (en) Attribute-based BGN-type ciphertext decryption outsourcing scheme
CN109873699A (en) Revocable identity-based public key encryption method
CN107257279A (en) Plaintext data encryption method and device
CN106685662A (en) White-box software implementation method based on the residue number system for the commercial cipher SM2 encryption algorithm
CN104396182A (en) Method of encrypting data
CN105184115A (en) Method for including an implicit integrity or authenticity check into a white-box implementation
CN105162589A (en) Lattice-based verifiable attribute-based encryption method
CN105095695A (en) Realizing authorization via incorrect functional behavior of a white-box implementation
CN111314050A (en) Encryption and decryption method and device
CN109688143A (en) Privacy-preserving cluster data mining method in a cloud environment
KR20170097509A (en) Operation method based on white-box cryptography and security apparatus for performing the method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20190903

Termination date: 20200704